REMARKS 

In this Response, Applicants amend claims 1,12, 23, 34, 45, 52, 59, 66, 73, 80, 87, 94, 
101, 108, 115, and 122 and remove the basis for the Examiner's rejections. Applicants amend 
the claims solely to expedite prosecution of the present application and do not acquiesce to any 
of the Examiner's rejections. Applicants' silence with regard to the Examiner's rejections of 
dependent claims constitutes a recognition by the Applicants that the rejections are moot based 
on Applicants' Amendment and/or Remarks relative to the independent claim from which the 
dependent claims depend. Applicants reserve the option to further prosecute the same or similar 
claims in the present or a subsequent application. Upon entry of the Amendment, claims 1-128 
are pending in the present application. 

Telephone Interview 

Applicants' Attorney acknowledges with appreciation the courtesy extended by the 
Examiner in conducting a telephone interview on March 24, 2004. During the interview, the 
Applicants' Attorney and the Examiner discussed features of Applicants' independent claim 1, 
the cited reference of Gasser, and the distinctions therebetween that are described below. 

Claim Rejections 
35U.S.C. § 101 

The Examiner rejected claims 101-128 under 35 U.S.C. § 101 as being directed to non- 
statutory subject matter. Specifically, the Examiner considered the preambles of claims 101-128 
(which recite, in pertinent part, "[a] computer data signal embodied in a carrier wave and 
representing a sequence of instructions that, when executed by a processor") to define non- 
statutory subject matter. 

Applicants respectfully note that the Office has recently issued a great number of patent 
applications with claims whose preambles are identical in all relevant aspects to the above-cited 
preambles of Applicants' claims 101-128. Since the Office issues patents that are presumed to 
be valid, the Office's current interpretation of 35 U.S.C. § 101 must be that claims with such 
preambles are directed to statutory subject matter. 
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Applicants claims 101-128 are, therefore, directed to statutory subject matter under the 
Office's current interpretation of 35 U.S.C. § 101. 

35U.S.C. § 102 

The Examiner rejected claims 1-128 under 35 U.S.C. § 102(b) as being anticipated by 

Gasser. 

Claims 1-11 

Applicants 5 independent claim 1 is directed to a method of requesting a resource. Among 
other things, Applicants' claim 1 deals with a presenter of credentials that requests access to the 
resource and a recipient of credentials who controls access to the resource and provides access 
thereto to members of a nested group. As provided in Applicants' claim 1, the presenter of 
credentials requests the resource by presenting to the recipient of credentials one or more chains 
of group credentials that prove the presenter's membership in the nested group. 

In one embodiment, Applicants' claim 1 relates to a scenario that includes a principal, a 
resource server, and a resource. The resource server controls access to the resource and provides 
access thereto to members of a nested group. The principal seeks access to the resource. 

Gasser describes conventional approaches by which the principal seeks access to the 
resource. In Gasser, the principal transmits a request for access to the resource server, and the 
resource server determines whether to provide access to the principal. (Gasser col. 1 1, 11. 36-46 
and col. 17, 11. 59-67.) The resource server makes this determination by identifying the groups to 
which access can be provided (e.g., by identifying the group names on an access control list at 
the resource server) and requesting group membership certificates for each of the identified 
groups from a Group Naming Service (GNS). (Gasser col. 10, 1. 35 to col. 11,1. 15, col. 11, 11. 
36-46, and col. 17, 11. 59-67.) The resource server determines whether the principal's identity is 
included in any of the group membership certificates. If the resource server determines that the 
principal's identity is so included, the resource server provides access to the principal. 

Gasser' s conventional approaches are computationally demanding on the resource server. 
For each principal that requests access, the Gasser resource server (i) retrieves from the GNS 
group membership certificates for those groups to which access is available, (ii) determines 
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whether the principal's identity is included in any of those group membership certificates, and 
(iii) if appropriate, provides access to the principal. 

In contrast, Applicants' independent claim 1 describes an approach that can be so 
implemented as to be less computationally demanding on the resource server. In Applicants' 
approach, the requesting principal presents to the resource server one or more chains of group 
credentials that prove the principal's membership in the nested group, so that the resource server 
is not required to retrieve group membership certificates and determine whether the requesting 
principal's identity is included in any-of the retrieved certificates. In Applicants' approach, 
therefore, the labor of determining whether the requesting principal is a member of the nested 
group can be shifted from the resource server to the requesting principal. 

Since Gasser describes conventional approaches, Gasser does not teach or suggest at least 
the feature of Applicants' independent claim 1 directed to "the presenter of credentials presents 
to the recipient of credentials one or more chains of group credentials that prove the presenter's 
membership in the nested group." 

Applicants' independent claim 1 and all of its dependent claims are, therefore, allowable. 

Claims 12-72 and 101-1 14 

Applicants' claims 12-72 and 101-1 14 are directed to devices, computer data signals, 
methods, and computer systems and include features similar to Applicants' independent claim 1. 
Applicants' claims 12-72 and 101-1 14 are allowable on the basis of the arguments presented 
with respect to Applicants' independent ,claim 1. 

Claims 73-79 

Applicants' independent claim 73 is directed to a method of operating a resource server 
on a computer network. Among other things, Applicants' claim 73 deals with a resource server 
that controls access to a resource and that provides access to the resource to members of a nested 
group. The resource server receives a resource-access request from a client, in which the request 
includes one or more chains of group credentials that prove client membership in the nested 
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group. The resource server validates the received chain of group credentials and, if it determines 
that the received chains of group credentials are valid, provides access to the resource to the 
client. 

Applicants' claim 73 describes an approach by which a resource server receives requests 
for access from principals and provides access to members of a nested group. As previously 
described, Applicants' claim 1 describes an approach by which principals request access from a 
resource server that provides access to members of a nested group. Applicants' claims 1 and 73 
are, therefore, complementary approaches to the principal-and-resource-server scenario that was 
described with respect to claim 1 . 

Since Applicants' claim 73 is complementary to Applicants' claim 1, Applicants' claim 
73 and all of its dependent claims are allowable on the basis of the arguments presented with 
respect to Applicants' claim 1. 

Claims 80-110 and 115-128 

Applicants' claims 80-1 10 and 1 15-128 are directed to devices, computer data signals, 
methods and computer systems and include features similar to Applicants' independent claim 73. 
Applicants' claims 80-1 10 and 1 15-128 are allowable on the basis of the arguments presented 
with respect to Applicants' independent claim 73. 
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CONCLUSION 

Applicants request entry of the present Amendment because it places the application in 
condition for allowance. 

Applicants invite the Examiner to contact the Applicants 5 undersigned Attorney if any 
issues are deemed to remain prior to allowance. 



Respectfully submitted, 
FOLEY HOAG LLP 
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